3575 matches found
PT-2025-29531 · Unknown · Time-Line-
Name of the Vulnerable Software and Affected Versions: TIME LINE versions prior to 1.0.5. Description: The TIME LINE website has a flaw where uploaded files instruction/message media lack strict validation for type and size. This allows a user to upload renamed or oversized files, potentially...
CVE-2020-36849
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2020-36849 AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2025-6058
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...
CVE-2025-6057
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-4406
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
WordPress plugin WPBookit code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
SpringBoot_MyBatisPlus code issue vulnerability
SpringBoot_MyBatisPlus is a SpringBoot integration with MyBatisPlus by Siwei Zhou, an individual developer. A code issue vulnerability exists in SpringBoot_MyBatisPlus, which stems from improper handling of the parameter portraitFile in file/file/upload, leading to arbitrary file uploads...
WordPress plugin BeeTeam368 Extensions code issue vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress plugin BeeTeam368 Extensions, which stems from a lack...
CVE-2025-4406 wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
CVE-2025-4406
The wpForo Forum plugin for WordPress is affected by CVE-2025-4406 (Authenticated Subscriber+ Stored XSS via Profile Avatar). Root cause: insufficient input sanitization/output escaping in profile avatar handling, enabling injection of scripts that execute when a user loads the avatar page. Affec...
Code-Projects Library Management System code issue vulnerability
Code-Projects Library Management System is an open source library management system from Code-Projects. A code issue vulnerability exists in Code-Projects Library Management System version 2.0, which stems from improper manipulation of the parameter photo in the file /admin/studenteditphoto.php,...
Code-Projects Staff Audit System security vulnerability
Code-Projects Staff Audit System is an open source staff audit system from Code-Projects. A security vulnerability exists in Code-Projects Staff Audit System version 1.0, which stems from improper manipulation of the parameter uploadedfile in the file /test.php, which could lead to arbitrary file...
PT-2025-28462 · Unknown · Code-Projects Staff Audit System
Name of the Vulnerable Software and Affected Versions: code-projects Staff Audit System version 1.0. Description: A critical issue was found in the code-projects Staff Audit System. The problem is related to an unknown function of the file /test.php, where the manipulation of the uploadedfile...
BoyunCMS security vulnerability
BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter image in the file /application/user/controller/Index.php, which may lead to arbitra...
CVE-2024-13451
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...